Get Informed

Participate

FAQ

Placement of NIDS

What justifies the placement of a NIDS before the firewall or after the firewall?
2005-09-12 12-57-27 SOURCE: tn1
This is two totally different scenarios, and you deploy ...

on 2005-09-12 02:23:06

What justifies the placement of a NIDS before the firewall or after the firewall?
2005-09-12 12-57-27 SOURCE: tn1
This is two totally different scenarios, and you deploy them dependent on what you want to achieve with the NDIS implementation.
If you want to know everything that goes on, even before your firewall has performed its filtering, you place a NDIS sensor on the outside leg. However, this will actually generate events that would not be a risk to your net as a lot of the traffic would hopefully be terminated by your firewall, long before it reaches any DMZ or internal hosts. The only good reason to place the sensor in front of the firewall is if you want to do research on what's out there.
Placement of the NDIS sensors on DMZ and on the Internal net would only log traffic that has actually passed the firewall filters and therefore would be far fewer and of better quality. This is the recommended way of placing NDIS sensors on a corporate network.
Thomas Nilsen

Use of this site is governed by our Terms of Use and Privacy Policy.
Copyright 1996- Ziff Davis, LLC. All Rights Reserved.
Reproduction in whole or in part in any form or medium without express written permission
of Ziff Davis, LLC. is prohibited.PCMag Digital GroupAdChoice